SPLUNK ADMIN PRACTICE QUESTIONS WITH ACCURATE
SOLUTIONS
Which configuration file defines indexes?
a. Transforms.conf
b. Props.conf
c. Inputs.conf
d. Outputs.conf -- Correct Answer ✔✔ c. Inputs.conf
Global configuration files reside in:
a. /var/lib
b. /etc/user/<username>
c. /etc/apps/<app_name>
d. /etc/system -- Correct Answer ✔✔ d. /etc/system
The general precedence for configuration files is:
a. Local then default.
b. Default then local.
c. Local then modified.
d. Modified then local. -- Correct Answer ✔✔ a. Local then default.
Which of the following is the best way to see which stanzas from which configuration
files Splunk is using at runtime?
a. Run the search "runtime=*"
b. Use btool
c. Check the Linux PIDs or Windows Perfmon for running processes
d. Delete all unnecessary configuration files. -- Correct Answer ✔✔ b. Use btool
Within a configuration file, different sections are broken out by
a. Attributes
b. Values
c. stanzas
d. Rows -- Correct Answer ✔✔ c. stanzas
When you create a new index, Splunk appends the indexes.conf file located at:
$SPLUNK_HOME/etc/system/default/indexes.conf
True
False -- Correct Answer ✔✔ False
Configuration files can be edited:
a. In Splunk Web
b. In the CLI
c. A only
d. B only
e. A and B -- Correct Answer ✔✔ e. A and B
The file extension for configuration files is
a. .txt
b. .bin
c. .vim
d. .conf -- Correct Answer ✔✔ d. .conf
Which type of data do indexes not contain?
a. Raw
b. Pointers
c. Relational
d. Metadata -- Correct Answer ✔✔ c. Relational
The default type of indexes is
a. Event
b. Metrics
c. Lookups
d. Recursive -- Correct Answer ✔✔ a. Event
Buckets are organized and processed by:
a. Preference
b. Age
c. Location in the file system
d. Data created -- Correct Answer ✔✔ b. Age
The most "live" data exists in which bucket?
a. Warm
b. Cold
c. Hot
d. Thawed -- Correct Answer ✔✔ c. Hot
The frozen bucket is where archived data is stored.
True
False -- Correct Answer ✔✔ True
In which bucket is archived data stored?
a. Hot
b. Cold
c. Fish
d. Thawed -- Correct Answer ✔✔ d. Thawed
A level 2 hash is computed:
a. Between the source and the hot bucket